SSL VPN: Convert .ovpn to .apc/.epc for Site-to-Site SSL Tunnels
Please make a tool to conver regular openvpn configuartion files to your apc/epc format. Without such a tool it is impossible to use an astaro as client for existing openvpn server.
needless to say that I also really would like to have this feature (for a lot of reasons (:P)
what is my suggestion?
well, I understand, that is quite difficult to have this feature implemented in the GUI of the the UTM ... for the complexity of modes, parameters and ....
so, offer a external command line tool for this conversion (linux, win, java)
unbelievable lack of vendor response!
Jacob Bird commented
Any word on this this request has been open for years!
Sophos, please take action on that and bring us OpenVPN client to Sophos UTM.
Others are also capable acting as an OpenVPN Client.
Ya, Sophos is okay, but I'm switching back to pfsense at home (has OpenVPN support), and choosing Fortinet for the office.
Sophos - do something. People are migrating away from UTM because the Lack of this feature.
Since this request is now older than 4 years, I hope this will be finally implemented.
Eelke van Someren commented
One vote from me. Please buildin support for OpenVPN in Site-to-Site VPN.
Make this please.
And apc/epc back to ovpn, surely?
Andreas Rehm commented
This is a needed function!
Sophos, this really isn't all that hard to achieve. I understand there may be specific additional options which are outside the parameters of the standard OVPN client configuration files - but why make it so hard to utilise a UTM as an OpenVPN endpoint when UTM itself uses OpenVPN for VPN?
It really is very simple. Allow a download of a ZIP archive containing both the APC/EPC format AND the OpenVPN client configuration files, and allow for either option in the import. If you export a config from another UTM; upload the entire archive with APE/EPC and ignore the OpenVPN client configuration in the same way UTM works currently. If somebody chooses to import an .OVPN file, then manually request whatever additional information UTM requires to get a working tunnel going.
Having looked into a .APC file myself I cannot see what possible need there is to enforce this proprietary standard on the users of UTM. I had planned on using the UTM as a private VPN client device in site-to-site mode, but having discovered it is impossible to get it working with a well-known standard configuration file - I am now left to looking for alternatives. I know all too well that behind the scenes UTM simply employs standard OVPN files based upon the APC format - so I really cannot see why this capability would be impossible to achieve.
With more than twice as many votes as the next VPN feature request, make sure this one is in the next release! I am not the only one entirely frustrated by such a ridiculously pointless proprietary standard on an open source framework.
Fabio Schiattarella commented
I vote for this feature too. I definitely could use it.
I hate to say it, but you're better off pushing through doing some of this with a Linux server. You can have Astaro up front and then do NAS forwarding of SSL VPN port into another server in your backend to handle it. How exactly to set up the Linux side of that I'm not sure but I'm saying it's worth learning how to do. But we have successfully moved IPSec VPN connections from an Astaro 100% to a Linux server behind it running StrongSWAN. It was just a matter of NAS forwarding the IPSec ports. The beauty of that project was the for the most part, the partners' VPN connections didn't even know about it and kept on humming after reconnecting. We moved about 50 connections.
For where I see we still don't have this feature, we switched from a Linux gateway to sophos UTM because it seemed more trustfull and secure, but we have external offices that used to connect to our old gateway using openvpn, now we can't connect cause there's no way we can connect openvpn clients to UTM in a site-to-site manner.
HELPPP!!! Already searched through all the astaro forum and no viable solution.
Like Green Cloud below, I vote for OpenVPN.
Green Cloud commented
I am personally voting for OpenVPN compatibility.
Green Cloud commented
I vote for any way that allows me to make the UTM a client to a privateinternetaccess.com openvpn server. Seriously Sophos, why are you dropping the ball? People have been asking for this for years upon years according to the almighty Google. I didn't have a single negative comment about the UTM until this, now it's the comment I open with when discussing UTM 9.
Please make it happen!!!!! NEEEEED IT!!
David C. commented
Any feedback from Sophos, please?